Explore red team engagements and the often-overlooked risks associated with mobile devices in this DefCamp 2019 conference talk. Delve into the fundamentals of red teaming, its phases, and the significance of mobile security. Examine two real-world scenarios involving mobile applications, learning about tools for Android app analysis and penetration testing techniques. Discover how to leverage existing pentesting tools for mobile targets and gain insights into using Frida for mobile app penetration testing, including creating backdoors, offensive instrumentation, and automating with Gadget Config. Conclude with a discussion on reverse shells using Frida and explore potential areas for further research in this critical aspect of information security.
Red Team Engagements and the Forgotten Risk of Mobile Devices - DefCamp - 2019
Overview
Syllabus
Intro
Red Team 101
Red Team Phases
Why Mobiles?
Mobile Application
Mobile App Tools - Android
Scenario 1 - What we had
Scenario 1 - But here's your pwd, so login maybe?
Scenario 1 - How I met your mobile
Scenario 1 - The End
Scenario 1 - Takeaways
Scenario 2 - What we had
Scenario 2 - Free Mobile App Pentest
Scenario 2 - Reverse 2 Win
Scenario 2 - The End
Scenario 2 - Takeaways
Targeting Mobile Users
Leverage existing pentesting tools?
Frida for Mobile App Penetration Test
Create a Frida Backdoor
Offensive Instrumentation with Frida
Automating with Gadget Config
Reverse Shell with Frida
Conclusions and Further work
Taught by
DefCamp
